Commit graph

108 commits

Author SHA1 Message Date
Sebastian Gumprich 48388a3d96 use fqcns for some task
Signed-off-by: Sebastian Gumprich <github@gumpri.ch>
2022-10-28 14:04:29 +02:00
Slavi Pantaleev 9c549a185f Auto-purge orphaned Let's Encrypt renewal configuration files 2022-10-25 06:28:24 +03:00
Slavi Pantaleev 1ea1597020 Fix some ansible-lint-reported warnings
This mostly fixes `key-order` warnings around
`block` statements.
2022-09-27 11:38:33 +03:00
Aine 692a7af36a
postmoogle feedback 2022-09-09 13:19:25 +03:00
Slavi Pantaleev 1aff2ca247 Fix ansible-lint errors 2022-08-09 10:54:39 +03:00
Slavi Pantaleev 04f224e634
Merge branch 'master' into conduit 2022-08-09 10:46:03 +03:00
Charles Wright 20767b5149 Fixes to enable Conduit in setup-all 2022-08-04 14:35:41 -05:00
Slavi Pantaleev 8ad1fa085e Use full path when importing SSL setup tasks
This is an attempt to make ansible-lint happy.
2022-07-18 16:48:25 +03:00
Slavi Pantaleev d073c7ecb3 More ansible-lint fixes 2022-07-18 13:01:19 +03:00
Slavi Pantaleev ddf18eadc7 More ansible-lint fixes 2022-07-18 13:01:17 +03:00
Slavi Pantaleev 34cdaade08 Use fully-qualified module names for builtin Ansible modules
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1939
2022-07-18 12:58:41 +03:00
Julian Foad ec9f8e2931 Add a role to install 'ntfy' push-notification server.
This commit adds a 'matrix-ntfy' role that runs Ntfy server in Docker with
simple configuration, and plumbing to add the role to the playbook.

TODO: documentation, self-check, database persistence.
2022-07-04 15:31:29 +01:00
Aine 5b38ee5371
add missing retry to the apache docker image pull 2022-06-28 08:27:57 +00:00
Slavi Pantaleev 1727ecd888 Make yamllint happy (take 2)
> Error:   19:3      error    wrong indentation: expected 4 but found 2  (indentation)
2022-06-23 18:00:32 +03:00
Slavi Pantaleev 9aab7f9c37 Make yamllint happy
Fixup for ba51997f7b
2022-06-23 17:57:59 +03:00
Slavi Pantaleev ba51997f7b (BC Break) Redo how metrics are exposed to external Prometheus servers 2022-06-23 17:55:07 +03:00
Aine 290754371a
add matrix-bot-buscarron 2022-04-23 16:19:24 +03:00
borisrunakov acaebfbf67
optional media cache with range requests support (#1759) 2022-04-21 10:31:26 +03:00
Aine 2da3768b20
Added retries to the docker pulls (#1701) 2022-03-17 17:37:11 +02:00
Alejo Diaz 4ec24ec344
Add support for obtain ECDSA keys (#1667)
* Add support for obtain ECDSA keys

* Replace matrix_ssl_lets_encrypt_use_ecdsa_keys for matrix_ssl_lets_encrypt_key_type
2022-03-03 18:15:39 +02:00
Marko Weltzer 7e5b88c3b7 fix: all praise the allmighty yamllinter 2022-02-05 21:32:54 +01:00
Wm Salt Hale 3aa8c1f62c only enable openssl if necessary 2022-01-19 21:58:39 -08:00
Slavi Pantaleev 27a4871aea Fix variable name typo 2022-01-09 12:14:23 +02:00
Slavi Pantaleev ecc237bbad Initial work on getting nginx reverse proxying working with Dendrite 2022-01-07 15:59:35 +02:00
rakshazi 5788a16a2e
added matrix-client-cinny 2022-01-05 18:33:21 +02:00
Slavi Pantaleev 948c411106 Remove sudo requirement for generating SSL certificates
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1492
2021-12-30 10:47:06 +02:00
Slavi Pantaleev fa704f104b Add support for using custom ACME CA servers (other than Let's Encrypt')
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1468
2021-12-17 17:30:21 +02:00
boris runakov d3a9ec98de refactoring 2021-11-16 21:03:21 +02:00
Slavi Pantaleev 994c0e504c Ensure some matrix-nginx-proxy variables are defined
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1397
2021-11-15 14:46:44 +02:00
Slavi Pantaleev 735c966ab6 Disable systemd services when stopping to uninstall them
Until now, we were leaving services "enabled"
(symlinks in /etc/systemd/system/multi-user.target.wants/).

We clean these up now. Broken symlinks may still exist in older
installations that enabled/disabled services. We're not taking care
to fix these up. It's just a cosmetic defect anyway.
2021-11-10 17:39:21 +02:00
HarHarLinks 7b33fc8e19 fixup! auto-generate prometheus.yml for workers metrics 2021-10-20 13:30:38 +02:00
HarHarLinks ce41674e61 auto-generate prometheus.yml for workers metrics 2021-10-20 12:51:00 +02:00
Michael Collins 4d57a41b3f remove matrix_awx_enabled from these 2021-08-11 17:18:57 +08:00
Michael Collins bfb61e776e GMH v0.5.7... maybe! 2021-08-10 12:58:10 +08:00
pushytoxin bee14550ab Fix local/bin scripts autocompletion by adding rx perms to everyone
It's mildly annoying when trying to execute these scripts while logged
in as a regular user, as the missing execute permissions will hinder
autocompletion even when trying to use with sudo.

These shell scripts don't contain secrets, but may fail when ran by a
regular user. The failure is due to the lack of access to the /matrix
directory, and does not result in any damage.
2021-05-28 10:39:27 +02:00
Slavi Pantaleev d0de21ab34
Delete Hydrogen nginx configuration file when disabled 2021-05-21 12:58:32 +03:00
Aaron Raimist ca361af616
Add Hydrogen 2021-05-15 04:23:36 -05:00
Slavi Pantaleev 9a0222fa47 Add Sygnal support
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/683
2021-03-20 13:32:22 +02:00
Aaron Raimist 466827139a
Also check if matrix_ssl_lets_encrypt_support_email is blank 2021-03-17 00:54:05 -05:00
Slavi Pantaleev 6181861ffe
Merge pull request #929 from Zir0h/master
Added support for the Go-NEB bot
2021-03-16 07:49:53 +02:00
Alexandros Afentoulis 28c255539c matrix-nginx-proxy: specify Origin header, comply with CORS
Self-checks against the .well-known URIs look for the HTTP header
"Access-Control-Allow-Origin" indicating that the remode endpoint
supports CORS. But the remote server is not required to include
said header in the response if the HTTP request does not include
the "Origin" header. This is in accordance with the specification
[1] stating: 'A CORS request is an HTTP request that includes an
"Origin" header.'

This is in fact true for Gitlab pages hosting and that's why the
issue was identified.

Let's specify "Origin" header in the respective uri tasks performing
the HTTP request and ensure a CORS request.

[1] https://fetch.spec.whatwg.org/#http-requests
2021-03-15 14:24:55 +02:00
Yannick Goossens 51e2547484 Added support for the Go-NEB bot 2021-03-11 19:23:01 +01:00
Slavi Pantaleev 6baa91dd9f Do not delete matrix-ssl-lets-encrypt-certificates-renew only to recreate it later
This seems to have been added to the list of "deprecated files to
remove" by mistake.
2021-02-26 13:37:51 +02:00
Slavi Pantaleev 5cfeae806b Merge branch 'master' into synapse-workers 2021-02-14 13:00:57 +02:00
Peetz0r 989100b1c1 Grafana nginx proxy config 2021-02-10 22:54:14 +01:00
Slavi Pantaleev 778b66876c Merge branch 'master' into synapse-workers 2021-01-25 14:56:55 +02:00
Slavi Pantaleev 4d62a75f6f Get matrix-corporal to play nicely with a Synapse worker setup
We do this by creating one more layer of indirection.

First we reach some generic vhost handling matrix.DOMAIN.
A bunch of override rules are added there (capturing traffic to send to
ma1sd, etc). nginx-status and similar generic things also live there.

We then proxy to the homeserver on some other vhost (only Synapse being
available right now, but repointing this to Dendrite or other will be
possible in the future).
Then that homeserver-specific vhost does its thing to proxy to the
homeserver. It may or may not use workers, etc.

Without matrix-corporal, the flow is now:
1. matrix.DOMAIN (matrix-nginx-proxy/matrix-domain.conf)
2. matrix-nginx-proxy/matrix-synapse.conf
3. matrix-synapse

With matrix-corporal enabled, it becomes:
1. matrix.DOMAIN (matrix-nginx-proxy/matrix-domain.conf)
2. matrix-corporal
3. matrix-nginx-proxy/matrix-synapse.conf
4. matrix-synapse

(matrix-corporal gets injected at step 2).
2021-01-25 09:46:41 +02:00
Slavi Pantaleev 8fa913dca7 Fix Ansible warning 2021-01-24 19:11:35 +02:00
Slavi Pantaleev e1690722f7 Replace cronjobs with systemd timers
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/756

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/737

I feel like timers are somewhat more complicated and dirty (compared to
cronjobs), but they come with these benefits:

- log output goes to journald
- on newer systemd distros, you can see when the timer fired, when it
will fire, etc.
- we don't need to rely on cron (reducing our dependencies to just
systemd + Docker)

Cronjobs work well, but it's one more dependency that needs to be
installed. We were even asking people to install it manually
(in `docs/prerequisites.md`), which could have gone unnoticed.

Once in a while someone says "my SSL certificates didn't renew"
and it's likely because they forgot to install a cron daemon.

Switching to systemd timers means that installation is simpler
and more unified.
2021-01-14 23:35:50 +02:00
Slavi Pantaleev 05ca9357a8 Add .service suffix to systemd units list
We'll be adding `.timer` units later on, so it's good to be
more explicit.
2021-01-14 23:02:10 +02:00